New Search

Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8 Mozilla Suite before 1.7.13 and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding or (3) "by inserting an XBL method into the DOM's document.body prototype chain."

oval:org.mitre.oval:def:10815

Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8 Mozilla Suite before 1.7.13 and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding or (3) "by inserting an XBL method into the DOM's document.body prototype chain."

Family:
unix
Status:
ACCEPTED
Platform(s):
  • CentOS Linux 4
  • Red Hat Enterprise Linux 4
  • CentOS Linux 3
  • Oracle Linux 4
  • Red Hat Enterprise Linux 3
Class:
vulnerability
Reference(s):
  • CVE-2006-1733
Product(s):